Cybercrime: Illegal Seizure Applicable or Not?

During a recent illness I was doing some research into rendition and the Fourth Amendment evidentiary issues which may come up more often with an increased focus on prosecution of offshore cybercriminals. The challenge: how to recover both digital evidence for Stateside trial and the actual [foreign] cybercriminal with a less than cooperative home country.

Best Facebook Security Setting Infographic: NYTimes

At least it’s easier to understand than the prompt from Facebook asking me to accept and open my connections which I saw a few weeks back. To manage your privacy on Facebook, you will need to navigate through 50 settings with more than 170 options. I’m starting to seriously consider switching to the next best

A New Scam?

David Harley sent me a link to an article about a scam I wasn’t familiar with. I wouldn’t really call it a scam, it is more a diversionary and blocking tactic after a victim’s account has been compromised, but it may be an indicator of an attack. According to Wired (http://www.wired.com/threatlevel/2010/05/telephony-dos), what happens is that

Continued Malware Hijinks with Mass Webserver Compromises

While the jury’s still out about whether the intent of the past month’s mass webserver breaches is fully criminal, Dancho reports new developments which also link Koobface activity into this command and control structure:

Yet another mass sites compromise is currently taking place, this time targeting DreamHost customers, courtesy of the same gang behind the U.S. Treasury/GoDaddy/NetworkSolutions mass compromise campaigns.

Malware Injection Campaign: A Retaliation?

This week there have been several major malware injection campaigns against WordPress blogs and other PHP-based content management systems. This malware injection battle began last week with Network Solutions and GoDaddy. Recently researcher Dancho Danchev has found evidence linking two US Treasury sites into the malware injection campaign: What’s particularly interesting about this campaign is

Facebook: almost as popular as the Labour Party

[Update: according to Neil Rubenking, FB chat is now working again and it’s no longer possible to view friend requests or chat activity for other users.] I’ve just blogged yet again about Facebook and privacy: I don’t usually publish the same content on different blog sites, but this is a recurrent hot topic in the ThreatBlog,

Facebook and privacy in the same sentence…

…but not in a good sense. Clearly there’s a lot of confusion about the detail of Facebook’s latest changes, as suggested by MSNBC at http://www.msnbc.msn.com/id/36877160/ns/technology_and_science-tech_and_gadgets/, though it’s clear enough that they don’t amount to a victory for common sense and user privacy. But what do you do about it? Well, here’s a good start. Social Media

The Juror Scam

I recently received a summons for Jury duty. The date I was supposed to appear on coincides with a date I am scheduled to be out of the country. In Seattle they really put computers to good use. I was able to go online and reschedule the date of my jury duty. What caught my

Protecting Against Password Reset Attacks

As I previously blogged today, the hacker who broke into Sarah Palin’s Yahoo account was convicted on two charges. The way that David Kernell gained access to Palin’s email account was by trying to log into her account, saying “I forgot my password” and then correctly answering the password reset questions. Some of the

Geek with an edge: Gordon Snow, Asst. Dir. FBI Cyber Division

It’s anyone’s guess whether 24’s Jack Bauer would win in a faceoff against the new FBI Cyber Crimes Top Cop, Gordon Snow. Give this guy the data from the malware and he’s sharp enough to take the information and form a counterintelligence strategy and also reach into the black bag for which snake-eating team he

Privacy: Lawsuit Alleges School Used Webcams to Lurk in Students’ Homes

Wow. File this under ‘how stupid thoughtless can any one person in a position of absolute power be…’ One school official abuses the built-in webcam access used with anti-theft software [legal malware] which they had packaged onto school laptops… to their own detriment. What sparked the discovery was Assistant Principal Lindy Matsko’s assertion in early November that

Privacy: Can’t We All Just Get Along?

My assessment is that this could be a strong leap forward in support of Community Driven Open Source Privacy. Another assessment is that if corporate decision makers aren’t incentivized either internally by a supportive Corporate Culture or externally by regulation, getting the entire grip on cybersecurity is going to be difficult if not impossible. One final assessment is that this gap is crying out for a Cybersecurity / Personal Data Security BBB-type organization’s seal of approval to provide comfort to those who frequent the business. The hard question comes into how scalable this could be.

European Cybercriminal Gangs Target Middle America SMBs

Better get your CFO to review UCC Article 4A and realign protocols with your business bank – The clear and present danger to our banking through malware hits at the heart of our economy: the SMB. Stealthy malware-based theft of funds starts the clock ticking much quicker than most SMB owners realize and without action

FBI Cyber Division Warns About Social Networking

In response to questions I heard this weekend from friends of mine about the ‘big picture’ relevance of the 1.5 million Facebook accounts compromised, I referred back to last month’s FBI speech from Dep. Asst. Dir. Chabinsky: “Don’t be surprised if a criminal compromises your or one of your colleague’s personal social networking accounts to

Facebook checked out, 1.5 million accounts overdue for password changes?

The Internet is abuzz with the announcement from Verisign’s iDefense Labs that a criminal hacker on a Russian forum who goes by the nom-de-plume “Kirllos” (Carlos?) is selling the credentials for 1.5 million Facebook accounts in batches of a thousand for between $8 and $30, depending upon their quality (which, in this case, means dates

Community Driven Privacy and Facebook: PC / Mac / iPhone Dependent?

Is online privacy with Facebook technologically agnostic or can different rules apply if you post with your iPhone or other Smartphone? Are early adopters somehow compromised with their mobile device usage? Can a social media company make money while adopting user-driven privacy which impacts their revenue potential and shareholder value?

Another Look at Koobface: How It Infects Facebook Users

Earlier this month, we reported on the massive new Koobface campaign making the rounds through Facebook and how it tricked users into downloading and running it through that tenet of social engineering, the fake codec. We now have a video showing how the Koobface worm tricks users into running it: NOTE: The audio is not

There’s Nothing of Value on My Computer

From time to time I hear people who don’t use antivirus software claim that it doesn’t matter, there isn’t anything of value on their computer. To begin with, just controlling your computer is of value to some criminals. If I can control your computer I can get paid to send spam from it, to install

Cybercrime and Cyberwarfare: Warnings Unheeded?

Last week Al Qaeda cyberterrorism attack information was declassified and made public. Today’s New York Times had an editorial applicable to whether cybersecurity issues are over-blown or under-believed: Predictions of disaster have always been ignored — that is why there is a Cassandra myth — but it is hard to think of a time when

Smells Like Teen Spirit

I’ve just read a news item about a nine year old boy who has been accused of hacking into his school’s computer system. It seems police claim the nine year old hacked into the Blackboard Learning System used by his school to change teachers’ and staff members’ passwords, change and delete course content and change

Good Password Practice: Not the Golden Globe Award

The Boston Globe suggested that changing passwords is a waste of time, based on their interpretation of an article by Herley Cormac. Cormac’s paper – well worth reading, by the way – reinforces a point that has been made many times both by me and by the “user education doesn’t work” lobby. While I don’t believe that education is useless,